<?php
// exit;
// if( $_SESSION['dtype']!="6" && $_SESSION['dtype']!="0"){
        // exit('{"status":"fail","msg":"只有供应商能操作"}');
    // }
    
include_once '/var/www/html/new/com.inc.php';
if (!function_exists('raw_post')) {
    function raw_post($url,$data){
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_URL,$url);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        return curl_exec($ch);
    }
}

function stopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq){  

    if(is_array($StrFiltValue))
    {
        $StrFiltValue=implode($StrFiltValue);
    }  
    if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){   
        log_attack($StrFiltKey, $StrFiltValue);
        exit('{"status":"fail","msg":"非法操作"}');
    }
}


foreach($_POST as $key => $value){
    stopAttack($key,$value,$getfilter);
}

switch($_POST['action']){
    case "insert" :
        $fid        = $_SESSION['sid'];
        $name       = trim($_POST['Appname']);
        $hash       = $_SESSION['account'];
        $username   = $_POST['wechatIds'];
        $password   = md5(md5($_POST['wechatSecrets']));
        $appid      = trim($_POST['appid']);
        $sql = "select id from pft_wx where appid='$appid'";
        $le->query($sql);
        $row = $le->fetch_assoc();
        if($row['id'])exit('{"status":"failq","msg":"该APPID已被绑定"}');
        $appsecret  = trim($_POST['AppSecrets']);
        $ac_type    = intval($_POST['typeid']);
        //$temp = $fid.'|'.$hash.'|'.$username.'|'.$password.'|'.$appid.'|'.$appsecret.'|'.$ac_type;
        // echo $temp;exit;
        //$token = md5($temp);
        $token = md5($_SERVER['REQUEST_TIME'].'pft'.$username);
        $encodingAESKey = str_shuffle($token . substr($token, 0, 11));
        $sql = <<<SQL
        INSERT INTO pft_wx (fid,name,hash,username,password,appid,appsecret,token,
        encodingAESKey,ac_type,create_time) VALUES({$fid},'{$name}','{$hash}','{$username}',
        '{$password}','{$appid}','{$appsecret}','{$token}','{$encodingAESKey}',$ac_type,now())
SQL;
        $GLOBALS['le']->query($sql);
        // echo $sql;
        $arr = array(
            "status"        => "ok",
            "msg"           => "保存成功",
            "url"           => "http://wx.12301.cc/api.php?hash={$hash}",
            "token"         => $token,
            "encodingAESKey"=> $encodingAESKey
        );
        echo json_encode($arr);
        $url = 'http://wx.12301.cc/handler_raw.php';
        $salt = substr($token,0,16);
        $param = base64_encode($salt.$appid.$hash);
        $data0= array(
            'do'    => 'CreateDefaultMenu',
            'hash'  => $hash,
            'param' => $param
           );
        $data1 = json_encode($data0);
        $res  = raw_post($url,$data1);
        echo $res;
        break;
        
    case "update":
        $hash       = $_SESSION['account'];
        $name       = $_POST['Appname'];
        $username   = $_POST['wechatIds'];
        $appid      = $_POST['appid'];
        $appsecret  = $_POST['AppSecrets'];
        $ac_type    = intval($_POST['ac_type']);//公众号类型，1服务号0订阅号
        //TODO::判断二级域名还没有生成的供应商，给他来一个！
        $sql = "SELECT id FROM pft_member_domain_info WHERE fid={$_SESSION['sid']} LIMIT 1";
        $le->query($sql);
        if (!$le->fetch_assoc()) {
            $sql_insert = "INSERT INTO pft_member_domain_info(fid,M_domain) VALUES({$_SESSION['sid']},'{$hash}')";
            $le->query($sql);
        }

        $sql = <<<SQL
        UPDATE pft_wx set appid='$appid',appsecret='$appsecret',name='$name',ac_type=$ac_type
        WHERE fid={$_SESSION['sid']} AND `username`='$username' limit 1
SQL;
//        echo $sql;exit;
        $le->query($sql);
        $arr = array(
            "status" => "ok",
            "msg"    => "保存成功",
        );
        $token = md5($_SERVER['REQUEST_TIME'].'pft'.$username);
        $url = 'http://wx.12301.cc/handler_raw.php';
        $salt = substr($token,0,16);
        $param = base64_encode($salt.$appid.$hash);
        $data0= array(
            'do'        => 'CreateDefaultMenu',
            'hash'      => $hash,
            'ac_type'   => $ac_type,
//            'secret'    => $appsecret,
            'param'     => $param
        );
        $res  = raw_post($url,json_encode($data0));
//        echo $res;
        $json_res = json_decode($res);
        if ($json_res->status!='ok') {
            $arr['status']  = 'fail';
            $arr['msg']     = '您的数据已经保存。但创建公众号菜单失败，失败信息:'.$json_res->msg;
        }

        echo json_encode($arr);
        break;
    default:
        break;

}
//by The Light

?>